F-Secure Labs releases top 10 Android threats of 2015, payment apps to be target this year

“When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction,” says Ong of F-Secure Labs.ECONOMICTIMES.COM | Updated: February 18, 2016, 17:23 IST

NEW DELHI: With the Mobile World Congress on every body's itinerary, F-Secure Labs' recently released 'Top 10 Android Threats of 2015' list offers a fresh look at how attackers have been taking aim at users of the open source OS. It is also a stark reminder of the need for security in the world of technlogy.

With 15% of detections, the SmsSend family tops the list for the year 2015. An infected device sends text messages to the number, racking up charges on the user's phone bill and fattening the attacker's wallet. These trojans infect either through apps posing as games in third party app stores, or via porn-related apps.

This was followed by ransomware family Slocker which took the second position with 2.46% of detections. Slocker encrypts a device's image, document and video files, and then displays a message accusing the user of breaking the law by having visited pornographic sites. It also infects through spam emails claiming to be an Adobe Flash Player update.

Rounding out the Top 10 list are the information-stealing GinMaster, two exploits that obtain device root access, and a backdoor that gives the attacker access to a device to do as they please.

As far as threats that could gain ground in 2016 in concerned, Zimry Ong, Senior Analyst in F-Secure Labs feels malicious online payment apps will become more prevalent. "These apps are pushed at the user while making a purchase on a perfectly legitimate website, one that's been hacked," he says.

"When you go to the checkout, instead of the usual checkout process, the website would push an app at you, asking you to use the app to complete your transaction," Ong says. "Bottom line is that if you're shopping on a familiar website and there is suddenly a change from the usual checkout process, it's a red flag that something is amiss."

F-Secure will exhibit at Mobile World Congress 2016, showcasing products to enable "The Trusted Internet" on all connected things and mobile devices.